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United  States  Cyber  Command 

(USCYBERCOM)  is  a  subunified 
command  under  United  States 
Strategic  Command  (USSTRAT- 
COM).  It  was  scheduled  for  an  October/ 
November  2009  initial  operating  capability 
(currently  delayed)  and  an  October  2010  full 
operational  capability.  There  are  some  excellent 
reasons  why  the  Secretary  of  Defense  chose  to 
initiate  a  subunified  warfighting  command 
for  the  cyberspace  domain,  but  the  situation 
facing  the  Department  of  Defense  (DOD) 
and  the  Federal  Government  will  require 
USCYBERCOM  to  develop  into  a  full  combat¬ 
ant  command  (COCOM)  in  the  next  5  years. 


The  decision  to  create  a  subunified 
command  for  the  cyberspace  domain  was 
made  at  the  Office  of  the  Secretary  of  Defense 
(OSD)  level.  There  are  several  fundamental 
requirements  for  reorganizing  DOD  ele¬ 
ments  into  a  COCOM.  But  the  decision  to 
create  a  subunified  command  was  based  on  a 
number  of  factors,  one  of  which  is  the  nature 
of  the  current  threat.  The  present  situation 
and  potential  ramifications  are  sufficiently 
aggressive  and  of  such  a  hostile  nature  that 
DOD  must  take  immediate  action  to  miti¬ 
gate  and  eventually  neutralize  the  ongoing 
threat.1  DOD’s  cyberspace  domain  and  data 
infrastructure  encompass  numerous  critical 


Lieutenant  Colonel  David  M.  Hollis,  USAR,  is  a  Joint 
Plans  Officer  with  U.S.  Strategic  Command  and  a 
Senior  Policy  Analyst  with  the  Office  of  the  Under 
Secretary  of  Defense  for  Intelligence. 


Airman  replaces  outdated  network  at 
Kandahar  Airfield,  Afghanistan 


U.S.  Air  Force  (James  L.  Harper,  Jr.) 


48  JFQ  /  issue  58, 3d  quarter  2010 


ndupress.ndu.edu 


Report  Documentation  Page 

Form  Approved 

OMB  No.  0704-0188 

Public  reporting  burden  for  the  collection  of  information  is  estimated  to  average  1  hour  per  response,  including  the  time  for  reviewing  instructions,  searching  existing  data  sources,  gathering  and 
maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comments  regarding  this  burden  estimate  or  any  other  aspect  of  this  collection  of  information, 
including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters  Services,  Directorate  for  Information  Operations  and  Reports,  1215  Jefferson  Davis  Highway,  Suite  1204,  Arlington 

VA  22202-4302.  Respondents  should  be  aware  that  notwithstanding  any  other  provision  of  law,  no  person  shall  be  subject  to  a  penalty  for  failing  to  comply  with  a  collection  of  information  if  it 
does  not  display  a  currently  valid  OMB  control  number. 

1.  REPORT  DATE 

2Q  jq  2.  REPORT  TYPE 

3.  DATES  COVERED 

00-00-2010  to  00-00-2010 

4.  TITLE  AND  SUBTITLE 

USCYBERCOM:  The  Need  for  a  Combatant  Command  versus  a 
Subunified  Command 

5a.  CONTRACT  NUMBER 

5b.  GRANT  NUMBER 

5c.  PROGRAM  ELEMENT  NUMBER 

6.  AUTHOR(S) 

5d.  PROTECT  NUMBER 

5e.  TASK  NUMBER 

5f.  WORK  UNIT  NUMBER 

7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS(ES) 

National  Defense  University  Press, Joint  Force  Quarterly ,260  Fifth  Ave., 
Bldg.  64,  Fort  McNair, Washington, DC, 20319-5066 

8.  PERFORMING  ORGANIZATION 

REPORT  NUMBER 

9.  SPONSORING/MONITORING  AGENCY  NAME(S)  AND  ADDRESS(ES) 

10.  SPONSOR/MONITOR'S  ACRONYM(S) 

11.  SPONSOR/MONITOR'S  REPORT 
NUMBER(S) 

12.  DISTRIBUTION/AVAILABILITY  STATEMENT 

Approved  for  public  release;  distribution  unlimited 

13.  SUPPLEMENTARY  NOTES 

14.  ABSTRACT 

15.  SUBIECT  TERMS 

16.  SECURITY  CLASSIFICATION  OF:  17.  LIMITATION  OF 

_ _ _  ABSTRACT 

18.  NUMBER  19a.  NAME  OF 

OF  PAGES  RESPONSIBLE  PERSON 

a.  REPORT  b.  ABSTRACT  c.  THIS  PAGE  Same  OS 

unclassified  unclassified  unclassified  Report  (SAR) 

6 

Standard  Form  298  (Rev.  8-98) 

Prescribed  by  ANSI  Std  Z39-18 


HOLLIS 


vulnerabilities.  OSD  staff  and  congressio¬ 
nal  requirements  for  development  of  a  full 
COCOM  are  difficult  to  achieve  in  the  com¬ 
pressed  timeframe  as  required  by  the  threat 
and  known  vulnerabilities.  Developing  and 
focusing  DOD’s  capability  to  conduct  network 
warfare  (NETWAR,  as  defined  by  the  Army)2 
are  urgent  requirements.  The  reduced  up¬ 
front  effort  to  develop  a  subunified  command 
would  more  quickly  achieve  DOD’s  immedi¬ 
ate  goal  of  a  unified  full-spectrum  cyber  war 
capability.  Additionally,  internal  DOD 
opposition  to  a  full  COCOM  could  extend 
the  time  required  for  its  standup.  Numerous 
COCOMs,  Services,  and  agencies  have  devel¬ 
oped  their  own  NETWAR  and  cyberspace 
elements  and  want  to  maintain  their  indepen¬ 
dent  capabilities.  Yet  these  organizations  are 
also  looking  to  a  unified  authority  to  synchro¬ 
nize  their  own  capabilities  and  plans.3 

A  subunified  command  under 
USSTRATCOM  would  effectively  establish 
an  intermediate  goal  toward  the  development 
of  a  full  cyber  COCOM,  with  a  similar  but 
reduced  structure,  mission,  and  authority 
compared  to  a  full  unified  COCOM.  The 
development  of  a  subunified  command  is  a 
rapid  and  effective  step  toward  development 
of  synchronized  and  focused  DOD  capabili¬ 
ties  in  cyberspace/NETWAR. 

Cyberspace  Definition  and  Warfighting 
Domain 

Global  cyberspace  activity  has  occurred 
since  the  19th  century,  when  the  telegraph, 
telephone,  and  radio  created  the  first  elec¬ 
tronic  information  grid,  matured  into  global 
interconnectivity,  and  permitted  large-scale 
information  exchange.  The  first  electronic 
data  transactions  across  early  computer  net¬ 
works  (Advanced  Research  Projects  Agency 
Network/Military  Network)  evolved  into 
what  is  today  recognized  as  the  Internet. 
Threats,  vulnerabilities,  and  risks  have  grown 
exponentially  with  the  proliferation  of  use  and 
dependence  on  the  cyberspace  infrastructure. 
The  electronic  dependence  of  modern  civili¬ 
zation  on  physical  infrastructure  (transport 
layer),  massed  data/information  (storage, 
transmittal,  and  transaction),  and  the  result¬ 
ing  critical  infrastructure  functionality 
(finance,  health,  utilities,  government,  and  so 
forth)  requires  a  seamless  Internet  environ¬ 
ment.  Consequently,  cyberspace  has  become  a 
warfighting  domain  with  the  inherent  poten¬ 
tial  to  destroy  and/or  render  useless  logical, 
physical,  technical,  and  virtual  infrastructure, 


and  to  damage  critical  national  capabilities 
such  as  economic,  government,  military,  edu¬ 
cational,  health,  social,  and  other  capabilities. 

Cyberspace  and  its  various  definitions 
have  been  around  since  the  1980s.4  In  the 
2006  National  Military  Strategy  for  Cyberspace 
Operations  (NMS-CO),  the  Joint  Chiefs  of 
Staff  defined  cyberspace  as  “a  domain  char¬ 
acterized  by  the  use  of  electronics  and  the 
electromagnetic  spectrum  to  store,  modify 
and  exchange  data  via  networked  systems 
and  associated  physical  infrastructures.”5  In 
contrast,  the  George  W.  Bush  administration’s 


the  electronic  dependence  of 
modern  civilization  requires  a 
seamless  Internet  environment 


2003  National  Strategy  to  Secure  Cyberspace 
does  not  use  the  word  data  in  its  definition: 
“Cyberspace  is  composed  of  hundreds  of 
thousands  of  interconnected  computers, 
servers,  routers,  switches,  and  fiber  optic 
cables  that  allow  our  critical  infrastructures 
to  work.  Thus,  the  healthy  functioning  of 
cyberspace  is  essential  to  our  economy  and 
our  national  security.”6  Various  U.S.  Govern¬ 
ment  agencies  now  agree  that  cyberspace  is  a 
warfighting  and  operational  domain,  but  what 
that  actually  means  is  unclear,  and  there  are 
numerous  other  definitions.7 

Elements  of  the  cyberspace  domain  are 
common  to  the  other  warfighting  domains; 
land,  sea,  air,  and  space  are  all  interactive  and 
require  cross-domain  planning,  and  cyber¬ 
space  is  no  different.  Cyberspace  domain 
superiority  supports  freedom  of  action  in  all 
other  domains  and  denies  freedom  of  action 
to  adversaries;  it  is  a  predicate  to  successful 
military  operations.  In  addition,  cyberspace 
offensive  weapons  have  several  analogies  with 
nuclear/space  forces.  Their  effects  are  global 
in  nature — they  cannot  be  contained  to  a  spe¬ 
cific  geographic  COCOM  or  theater.  Cyber¬ 
space  weapons,  once  used,  lose  their  deterrent 
value  and  effectiveness  because  the  opposing 
forces  can  immediately  build  counterdefenses. 

However,  military  operations  in 
the  cyberspace  domain  are  radically  dif¬ 
ferent  from  military  operations  in  the 
other  warfighting  domains.  For  example, 
cyberspace  is  an  artificial  construct  and  does 
not  primarily  exist  in  the  natural  world,  while 
the  other  domains  exist  in  nature.  Cyberwar/ 
NETWAR  will  primarily  be  fought  over 
network  terrain  that  is  owned  and  operated 


by  private  sector  entities,  many  of  them  mul¬ 
tinational  corporations.  Military  operations 
in  the  cyberspace  domain  simultaneously 
include  physical  and  logical  maneuver  space. 
Cyberspace  is  a  vastly  shifting  landscape 
compared  to  the  other  domains: 

Cyberspace  is  dynamic  and  continually  evolv¬ 
ing.  Changes  in  cyberspace  are  driven  in  large 
part  by  private  industry  research  and  develop¬ 
ment.  The  interdependency  and  innovation  of 
civilian  economic  markets  and  communica¬ 
tions  industries  have  a  direct  impact  on  cyber¬ 
security  and  military  effectiveness.  The  domain 
itself  is  expanding  and  evolving  as  information 
technology  and  the  market  expand  and  evolve. 
In  other  words,  portions  of  cyberspace  con¬ 
tinuously  change  due  to  technical  innovation, 
including  the  addition,  removal,  replacement, 
or  reconfiguration  of  components,  and  network 
protocols.8 

Cyberspace  is  also  one  of  the  leading 
investment  opportunities  for  the  private 
sector.9  For  these  reasons,  it  has  intricate, 
undefined,  and  extremely  challenging  legal 
implications. 

Far  more  than  in  the  other  warfight¬ 
ing  domains,  offensive  warfare  is  dominant 
in  the  cyberspace  domain.10  Red  Teams 
historically  penetrate  all  “.mil”  network 
defenses,  at  a  nominal  cost  compared  to  the 
huge  expense  of  creating  and  maintaining 
network  defense.  For  example,  if  a  particular 
server  has  100  potential  vulnerabilities, 
and  the  network  administrator  performs 
Herculean  efforts  to  patch  99  of  them  (99 
percent  success  rate  on  patches),  any  decent 
Red  Team  will  find  that  single  unpatched 
vulnerability  and  take  control  of  the  box, 
rendering  the  entire  defensive  effort  useless. 
As  an  analogy,  consider  the  battles  of  Crecy 
(1346)  and  Agincourt  (1415),  where  English 
longbowmen  slaughtered  the  French  knights 
charging  them.  Before  these  encounters,  the 
dominant  offensive  form  of  Western  warfare 
was  in  the  figure  of  a  mounted  armored 
knight.  A  technology  (the  longbow)  and 
an  organization  (disciplined  English  foot 
soldiers)  reversed  this  trend  by  creating  a 
major  imbalance  favoring  the  defensive  form 
of  warfare  after  centuries  of  domination  by 
the  offensive  form.  Cyberspace,  however, 
has  not  undergone  any  technological  or 
organizational  revolution  that  changes  the 
extreme  dominance  and  inherent  imbalance 
of  offensive  cyberwarfare. 
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Much  of  what  is  considered  offensive 
cyberspace  activity  does  not  meet  the  criteria 
of  “attack”  in  the  other  domains.  Shutting 
down  or  massively  corrupting  data  in  critical 
financial,  health,  or  power  grid  networks  con¬ 
stitutes  an  attack  on  national  sovereignty  and 
may  or  may  not  justify  a  use-of-force  response 


(a  political  rather  than  legal  or  technical  deci¬ 
sion).  A  cyberspace  attack  on  a  supervisory 
control  and  data  acquisition  (SCADA)  system 
that  results  in  casualties  or  a  regional  power 
failure  could  be  considered  a  kinetic  effect  to 
an  offensive  cyberspace  operation. 

At  the  other  end  of  the  spectrum,  actions 
such  as  pinging,  browsing,  or  port  scanning 
are  often  used  simply  for  the  effective  func¬ 
tioning  of  DOD  networks  and  cyberspace 
operations  and  may  or  may  not  have  hostile 
intent.  Additionally,  the  vast  majority  of 
malware,  botnets,  and  network  intrusions  into 
DOD’s  networks  are  technically  competitive 
measures,  espionage,  vandalism,  or  crimes  that 
fall  under  the  category  of  technical  network 
defense  responses  or  traditional  law  enforce¬ 
ment/counterintelligence  functions.  These  are 
not  attacks  on  U.S.  sovereignty.  In  many  cases, 
this  type  of  attack  would  be  better  described  as 
network  irritation  than  as  network  attack.  But 
this  noise-level  network  irritation  can  disguise 
a  host  of  more  serious  attacks  and  needs  to  be 
cleaned  out. 

Cyberspace,  due  to  its  potential,  differs 
considerably  from  the  other  warfighting 


domains.  Cyberspace  weapons  can  be  created 
by  anyone  and  launched  in  almost  complete 
anonymity — a  high- school  student  cannot 
spend  a  few  nights  hunched  over  a  keyboard 
and  create  an  F-22  fighter  but  could  create 
a  cyberspace  weapon  that  could  potentially 
disrupt  major  corporate  and  military 


networks  and  cause  physical  havoc.  Attribu¬ 
tion  is  almost  impossible  across  the  cyber¬ 
space  domain;  while  it  is  difficult  to  envision  a 
major/conventional  ground,  sea,  or  air  attack 
that  cannot  be  attributed  to  a  nation-state,  it  is 
practically  impossible  to  achieve  attribution  of 
a  nation-state  cyberspace  aggressor  if  it  chose 
anonymity.  Key  to  successful  cyberwarfare 
is  attribution,  which  becomes  increasingly 
difficult  with  current  technology  and  Internet 
network  communications  terrain.  Few  attack¬ 
ers  are  identified  unless  they  “self-identify” 
or  are  caught  discussing  their  exploits  in  an 
unsecured  chat  room  or  a  social  network  site. 
Attributing  responsibility  for  state-sponsored 
operations  can  be  practically  impossible. 

Operations  in  cyberspace  occur  near  the 
speed  of  light  and  in  real  time,  and  often  can 
impact  the  entire  spectrum  of  the  cyberspace 
domain  simultaneously  without  notice  or 
intelligence  indicators.  In  military  plan¬ 
ning  concepts,  operations  in  the  cyberspace 
domain  can  move  from  phase  zero  (shaping 
operations)  to  phase  two  (seizing  the  initia¬ 
tive)  or  even  to  phase  three  (dominating) 
instantaneously  and  worldwide,  with  huge 


implications  (strengths  and  vulnerabilities) 
for  the  United  States,  aggressor  nations,  and 
nonstate  actors.11  This  instantaneous  nature 
and  the  ability  to  attack  the  entire  domain 
simultaneously  are  characteristics  that  poten¬ 
tially  make  the  cyberspace  domain  a  much 
more  dangerous  and  vulnerable  domain. 

The  United  States  has  not  achieved  domi- 
?  nance  in  the  cyberspace  domain.  We  intuitively 
!  understand  that  we  dominate  all  warfighting 
I  domains  except  cyber — and  our  national 
I  economy,  livelihood,  civilization,  and  culture 
=j  are  as  dependent  on  it  as  our  military.  Cyber¬ 
space  is  the  only  domain  without  a  primary 
Service  as  lead  and  the  only  domain  in  which 
DOD  will  not  defend  the  U.S.  homeland.12  For 
example,  if  DOD  defended  the  land  domain  in 
the  same  manner  as  cyberspace,  a  Russian  land 
(amphibious/airborne)  invasion  of  New  Jersey 
would  have  to  be  fought  by  U.S.  citizens  and 
commercial  entities  with  whatever  weapons 
they  happened  to  possess.  DOD  would  only 
defend  Fort  Monmouth  and  Fort  Dix. 

Why  Should  USCYBERCOM  Be  a 
COCOM? 

Unity  of  Command/Effort.  Current 
DOD  approaches  to  cyberwarfare  are  scat¬ 
tered  and  fragmented  across  the  Services  and 
agencies.  The  Services,  Defense  Information 
Systems  Agency  (DISA),  National  Security 
Agency,  Intelligence  Community,  and  many 
of  the  other  COCOMs  have  unsynchronized 
cyberspace  warfighting  capabilities.  Unify¬ 
ing  DOD’s  cyberspace  effort  into  a  focused 
subunified  command  is  a  necessary  first 
step,  but  creating  a  separate  and  distinct 
USCYBERCOM  as  a  fully  functioning 
COCOM  would  provide  it  with  indispens¬ 
able  authority,  responsibility,  legitimacy,  and 
visibility.  This  would  enable  a  stronger  unity 


a  high-school  student  cannot 
spend  a  few  nights  hunched 
over  a  keyboard  and  create  an 
F-22  fighter  but  could  create 
a  cyberspace  weapon  that 
could  potentially  disrupt  major 
corporate  and  military  networks 


of  command/effort  across  DOD  and  greater 
influence  across  the  entire  U.S.  Government. 
Since  the  United  States  does  not  dominate 
the  cyberspace  domain,  establishing  a  full 
COCOM  would  provide  greater  authority  and 
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responsibility  to  address  this  glaring  national 
weakness.13  Because  of  the  unique  nature  of 
the  domain,  no  one  Service  is  responsible 
for  operations  to  protect  national  cyberspace 
(unlike  the  other  domains);  a  full  COCOM 
would  be  better  resourced  and  have  greater 
authority  and  responsibility  to  compensate  for 
the  lack  of  a  specific  Service  lead.  USCYBER- 
COM  will  require  acquisition  authority 
similar  to  that  of  U.S.  Special  Operations 
Command  in  order  to  unify  and  streamline 
the  procurement  of  military  cyberspace 
capabilities  (tools/weapons  and  associated 
training,  doctrine,  and  support  systems)  as 
opposed  to  each  individual  Service  developing 
and  fielding  an  uncoordinated  and  disjointed 
set  of  cyberspace  capabilities.  The  fragmenta¬ 
tion  of  the  Government’s  efforts  to  define, 
govern,  regulate,  defend,  exploit  (for  intel¬ 
ligence  purposes),  and  conduct  operations  in 
the  cyberspace  domain  is  embodied  in  the 
proliferation  of  definitions  of  cyberspace .I4 

Synchronization.  USSTRATCOM  is 
tasked  under  the  Unified  Command  Plan  to 
direct  the  defense  of  the  Global  Information 
Grid15  and  synchronize  cyberspace  operations. 
As  a  subunified  command,  USCYBERCOM 
probably  will  have  insufficient  authority  to 
fully  synchronize  across  the  Services  and  other 
COCOMs.  For  example,  geographic  COCOMs 
might  decide  in  the  future  to  conduct  full- 
spectrum  cyberspace  operations  within  their 
geographic  areas  of  responsibility  (AORs).  This 
approach  is  incompatible  with  the  nature  of 
cyberspace/NETWAR  operations  and  would 
be  in  conflict  with  three  postulations: 

■  Geographic  COCOMs  who  wanted  to 
use  cyberspace  weapons  as  part  of  a  regional 
geopolitical  and  military  decision  process  would 
be  potentially  wasting  strategic,  one-time-use 
assets  on  regional  objectives.  Offensive,  full- 
spectrum  cyberspace  weapons  are  strategic  in 
nature:  once  used,  knowledge  of  their  specific 
capabilities  spreads  across  the  Internet,  and 
opponents  can  then  adjust  their  defenses.  An 
excellent  example  is  a  weaponized  “zero-day” 
exploit — that  is,  an  attack  against  a  specific 
vulnerability  currently  unknown  to  the 
Internet  community.  Use  of  this  weapon  is 

a  one-time  launch.  The  worldwide  Internet 
community  will  be  able  to  rapidly  create 
defenses  and  write  and  implement  software 
patches  against  it. 

■  The  technical  workings  of  the  Internet 
argue  for  a  centralized  authority  and  responsi¬ 
bility  for  potential  offensive  cyberspace  opera¬ 


tions.  If  a  specific  geographic  COCOM  decides 
to  launch  a  cyberspace  offensive  weapon 
from  its  location  directly  against  a  particular 
country  (or  a  nonstate  target  within  a  country) 
in  its  AOR,  the  nature  of  the  Internet  ensures 
that  the  actual  packets  would  cross  routers, 
switches,  and  networks  in  countries  outside 
the  COCOM  AOR.  Packets  often  end  up 
relayed  by  satellites  across  multiple  continents. 
The  attack  cannot  be  confined  to  a  direct 
line  between  the  COCOM  and  the  targeted 
country,  and  backscatter  and  blind  retaliation 
may  occur.  These  attacks  would  cross  and 
impact  other  geographic  COCOM  AORs. 

■  The  potential  exists  for  certain  attacks 
or  types  of  cyberspace  weapon  to  get  out  of 
control  once  launched.  The  original  Robert 
Morris  worm  in  1988  was  not  intended  to 
take  the  Internet  down,  but  it  almost  did. 

A  cyberspace  action  taken  by  a  geographic 
COCOM  has  a  strong  probability  of  impacting 
other  geographic  COCOMs  and  could  have 
global  implications.  The  potential  unintended 
consequences  of  launching  various  cyberspace 
weapons  argue  for  centralized  command, 
control,  and  release  authority.16 

Mass.  At  least  13  different  doctrinal 
documents  at  the  OSD,  DOD,  agency,  Service, 
and  USSTRATCOM  levels  outline  how  DOD 
will  fight  a  cyberwar.  A  central  COCOM 
with  exclusive  authority  and  responsibility  to 
conduct  and  synchronize  cyberspace  opera¬ 
tions  should  consolidate  the  varied  works  into 
a  concise  doctrinal  template  from  which  DOD 
can  conduct  cyberspace  operations.  Each 
Service  has  its  own  doctrine  and  capability 
to  conduct  military  operations  in  cyber¬ 
space.17  Cyberwar/NETWAR  capabilities 
need  to  be  massed  into  one  coordinated  and 
synchronized  set  of  strategic  operations  in 
order  to  achieve  the  intended  massed  effects. 
All  aspects  of  cyberspace  domain  operations 
(defense,  offense,  network  operations,  and 
intelligence)  need  to  be  closely  synchronized 
to  eliminate  any  possible  gaps  or  seams  in  the 
overall  cyberspace  posture. 

Offensive  Operations.  The  offensive 
form  of  cyberspace  operations  is  far  superior 
to  the  defensive  form.  DOD  and  the  U.S. 
Government  need  to  place  more  emphasis  on 
the  offensive  form  of  full-spectrum  cyber  war 
to  support  and  ensure  an  appropriate  defense. 
They  must  be  prepared  to  answer  cyberspace 
incidents  with  technical  and  nontechnical 
means  of  response  and  retaliation — preemp¬ 
tive  or  responsive  actions  across  the  diplo¬ 


matic,  informational,  military,  and  economic 
spectrum  to  retaliate  against  aggressors  and 
deter  potential  adversaries. 


the  potential  unintended 
consequences  of  launching 
various  cyberspace  weapons 
argue  for  centralized  authority 


Diverse  Mission  Focus.  The  Obama 
administration  has  made  limited  attempts 
to  protect  the  Nation  from  cyberspace 
threats,18  but  there  are  several  national  issues 
that  require  greater  attention.  Each  Federal 
organization  is  focused  on  its  individual 
mission  area  and  responsibilities  regard¬ 
ing  cyberspace  operations.  The  Obama 
administration  decision  to  appoint  a  “Cyber 
Czar”  (to  organize  the  fragmented  Federal 
Government  cyberspace  capabilities  into  a 
coherent  and  synchronized  element)  is  a  step 
in  the  right  direction.  However,  the  decision 
was  clearly  a  low  priority  to  the  administra¬ 
tion,  and  the  position  appears  to  lack  the 
authority  to  properly  focus  and  discipline 
the  contentious  Federal  agencies  on  cyber¬ 
space  domain  concerns.  This  lack  of  central 
control  has  resulted  in  loose  policy  oversight 
by  the  Office  of  Management  and  Budget, 
OSD,  Department  of  Homeland  Security, 
and  Department  of  Justice  in  their  respective 
cyberspace  responsibilities  and  capabilities, 
with  weak  or  nonexistent  policy  compliance 
mechanisms.  Additionally,  divided  Federal 
funding  lines  lead  to  more  fragmentation  of 
operational  and  command  authority.  Each 
department/Service/agency  receives  its  own 
funding  for  information  technology  (IT)/ 
cyberspace  operations  and  purchases  its  own 
equipment  (resulting  in  a  failure  of  not  only 
compatibility,  information-sharing,  and 
security,  but  also  in  the  ability  to  leverage 
government  buying  power).  Resource  and 
performance  metrics  in  cyberspace  are  weak 
or  nonexistent.  Cyberspace  base  funding  in 
DOD  (cutting  across  IT  and  information 
operations  budgets  but  also  found  in  elec¬ 
tronic  warfare  and  force  protection  budgets) 
is  supplemented  in  an  uncoordinated  and 
fragmented  fashion  from  the  Comprehen¬ 
sive  National  Cyberspace  Initiative,19  and 
many  other  initiatives  such  as  the  OSD/ 
DISA  CyberCampaign  Plan.  The  figure 
illustrates  and  provides  details  concerning 
DOD  efforts  to  synchronize  cyberspace 
security  authority  and  resources. 


ndupress.ndu.edu 


issue  58,  3 d  quarter  2010  /  JFQ  51 


SPECIAL  FEATURE  |  USCYBERCOM 


There  is  a  compelling  requirement  for  a 
central  DOD  organization  with  the  capabil¬ 
ity  and  authority  to  command  and  control, 
coordinate,  and  synchronize  cyberwar/ 
NETWAR  functions  at  least  across  DOD,  and 
possibly  across  the  entire  U.S.  Government 
and  the  Nation  at  large.  The  coordination  and 
synchronization  mission  for  this  command 
is  critical — the  Internet  reaches  across  the 
entire  modern  enterprise.  It  touches  not  just 
those  connected  to  it,  but  also  those  who 
are  unaware  how  their  lives  are  governed  by 
technology.  Every  individual,  every  govern¬ 
ment,  and  every  nation-state  has  a  stake  in 
the  process.  The  technologies  and  domain 
environmental  characteristics  involved  with 
cyberwar/NETWAR  are  strategic  in  nature, 


worldwide  in  scope,  and  overwhelmingly 
dominated  by  the  offensive  form  of  warfare — 
all  leading  to  the  requirement  for  central¬ 
ized  DOD  and  U.S.  Government  authority. 
The  network  terrain  over  which  cyberwar/ 
NETWAR  will  be  conducted  is  radically 
different  from  the  physical  world  of  other 
warfighting  domains  in  that  it  can  affect  not 
only  that  which  is  “network”  but  also  that 
which  is  “network  controlled” — life-support 
systems,  SCADA,  physical  infrastructure, 
and  so  forth.  The  cyber  domain  is  suf¬ 
ficiently  different  from  other  warfighting 
domains  that  it  requires  a  command  with 
the  requisite  authority,  responsibilities,  and 
resources  to  successfully  conduct  DOD’s  full- 
spectrum  cyberwar/NETWAR  operations 


with  the  understanding  that  the  mission  of 
the  Defense  Department  is  the  defense  of 
the  Nation,  regardless  of  domain.  The  DOD 
solution  needs  to  be  the  establishment  of  a 
subunified  command  with  the  goal  of  a  full 
combatant  command  in  the  near  future. 

The  requirement  for  a  central  authority  to 
conduct  cyberdefense/cyberwar/NETWAR  is 
time-critical  due  to  glaring  network  defensive 
vulnerabilities,  the  potential  for  disastrous 
consequences  for  the  Defense  Department’s 
global  network  and  the  national/global  Inter¬ 
net,  the  potential  destruction  of  the  national 
infrastructure,  and  the  lives  of  U.S.  citizens. 
These  threats  are  even  more  critical  due  to 
the  instantaneous  nature  of  the  Internet.  As 
DOD  facilitates  economic  globalization  and 


Source :  OSD  Defense  Information  Assurance  Program  briefing  on  USCYBERCOM  standup,  by  author. 


Key.  CISO  =  Chief  Information  Security  Officer;  CJCS  =  Chairman  of  the  Joint  Chiefs  of  Staff;  CNA  =  Computer  Network  Attack;  CNE  =  Computer  Network 
Exploitation;  COCOM  =  Combatant  Command;  DASD  (CIIA)  =  Deputy  Assistant  Secretary  of  Defense  (Cyber,  Information,  and  Identity  Assurance)  (under  the 
Assistant  Secretary  of  Defense  [Networks  and  Information  lntegration]/DOD  Chief  Information  Officer);  DIAP  =  Defense  Information  Assurance  Program;  DOD 
=  Department  of  Defense;  DODD  =  Department  of  Defense  Directive;  EO  =  Executive  Order;  IA  =  Information  Assurance;  IMIT  =  Information  Management 
Information  Technology;  IPL  =  Integrated  Priority  List;  JOUNS  =  Joint  Operations  Urgency  of  Need  Statement;  NMS  CO  =  2006  National  Military  Strategy  for 
Cyberspace  Operations;  NSS  =  National  Security  Strategy;  O&M  =  Operations  and  Maintenance;  OPG  =  Operations  Planning  Group;  OPORD  =  Operation 
Order;  OSD  =  Office  of  the  Secretary  of  Defense;  POA&M  =  Plans  of  Action  and  Milestones;  RDT&E  =  Research,  Development,  Testing,  and  Evaluation;  S/A/FA 
=  Services/Agencies/Field  Activity;  UCP  =  Unified  Command  Plan;  UNS  =  Urgency  of  Need  Statement;  USD(P)  =  Under  Secretary  of  Defense  for  Policy. 
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international  trade  in  the  physical  realm  (for 
example,  the  U.S.  Navy  provides  security  to 
international  maritime  traffic),  it  is  also  the 
only  organization  that  can  perform  similar 
security  operations  in  the  virtual  Internet 
realm.  It  is  clearly  in  our  national  inter¬ 
est  to  secure  and  dominate  the  cyberspace 
environment. 

Current  DOD  and  U.S.  Government 
efforts  to  conduct  cyberdefense/cyberwar/ 
NETWAR  are  badly  fragmented  and  require 
greater  central  authority  and  integration/syn¬ 
chronization  of  overall  cyberspace  operations. 
Resources  to  defend  the  national  strategic 
portions  of  the  cyberspace  domain  are  woe¬ 
fully  inadequate,  and  many  of  the  resources 
are  acquired  and  deployed  in  an  unfocused 
and  uncoordinated  fashion.  The  development 
of  a  subunified  command  is  a  necessary  first 
step  toward  resolving  these  issues.  It  pro¬ 
vides  an  effective  tradeoff  between  the  time 
required  to  develop  a  central  cyberwar  orga¬ 
nization  and  the  immediate  need  to  provision 
that  organization  with  the  authority  to  prop¬ 
erly  command  and  control,  synchronize,  and 
coordinate  DOD’s  cyberdefense/cyberwar/ 
NETWAR  operations. 

The  subunified  command  can  be  devel¬ 
oped  and  made  operational  more  quickly 
than  a  full  COCOM,  yet  it  has  many  of  the 
same  authorities,  roles,  missions,  and  respon¬ 
sibilities.  It  has  the  same  skeletal  structure 
as  a  full  COCOM  with  reduced  capabilities. 
The  next  logical  step  is  to  use  the  subunified 
command  as  a  core  to  launch  a  full  combat¬ 
ant  command  to  extend  the  resources  and 
authority  of  USCYBERCOM  to  the  essential 
level  of  authority  and  effectiveness.  Cyber¬ 
space  is  a  contested  domain,  and  the  United 
States  needs  sovereign  options  to  defend  itself 
and  its  global  interests;  to  deter,  dissuade, 
disrupt,  deny,  and  defeat  our  adversaries;  and 
to  protect  our  national  (economic,  military, 
cultural,  and  social)  interests.  JFQ 
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